WHAT IS CLAIMED IS: 

1. In an operating system on a computing system wherein requests are in the form of encapsulated information, a method for controlling access to actions and objects within the computing system, said computing system providing facilities for the instantiation of said objects and performance of said actions, said method comprising:

configuring selected domains on said computing system as configured domains, each one of said configured domains comprising a higher-order multidimensional domain space, for segregating system operational functionality according to defined operational boundaries, said operational boundaries defined by mapping attributes of the requests into individual domains;

providing a master daemon, said master daemon selecting said configured domains by utilizing said attributes of the requests;

causing said master daemon to respond to selected ones of said requests to perform at least one of the following actions on said computing system:

instantiating on said operating system at least one subordinate daemon;

instantiating on said operating system at least one subordinate process;

instantiating on said operating system at least one subordinate thread;

performing at least one other defined action;

wherein said subordinate daemons, said subordinate processes, said subordinate threads, and said other defined actions being constrained to operate within one of said configured domains at least as restrictive as the configured domain of said master daemon.

2. The method according to claim 1, wherein said master daemon is further operative to:

control functionality of all said instantiated subordinate daemons, subordinate processes, subordinate threads and said defined actions on said operating system in said computer system.

3. In an operating system on a computing system according to claim 1, wherein said master daemon is further operative to:

interface with said computing system to maintain centralized and coordinated access to auditing subsystems of said operating system.

4. The method according to claims 1-3 wherein said selected domains are further defined by at least one of a security label, a set of security labels, a lattice of security labels, a group of security labels, a range of security labels, a combination of collections of security labels, and other defined constructs.

5. In an operating system on a computing system connected to a network of computing systems wherein requests are in the form of encapsulated information, a method for controlling access to actions and objects within any of the computing systems, said computing systems providing facilities for the remote instantiation of said objects and performance of said actions, said method comprising:

configuring selected domains on at least one of said computing systems as configured domains, each one of said configured domains comprising a higher-order multidimensional domain space for segregating system operational functionality according to defined operational boundaries, said operational boundaries defined by mapping attributes of the requests into individual operating domains;

providing a master daemon, said master daemon selecting said configured domains by utilizing said attributes of the requests;

causing said master daemon to respond to selected ones of said requests to perform at least one of the following actions on at least one of said computing systems:

instantiating at least one daemon;

instantiating at least one subordinate daemon;

instantiating at least one process;

instantiating at least one subordinate process;

instantiating at least one subordinate thread;

performing at least one other defined action;

wherein said daemons, said subordinate daemons, said processes, said subordinate processes, said subordinate threads, and said other defined actions being constrained to operate within one of said configured domains at least as restrictive as the configured domain of said master daemon.

6. The method according to claim 5 wherein at least one of said computing systems is local to said master daemon.

7. The method according to claim 6 wherein at least one of said computing systems is on said network and is remote from said master daemon.

8. The method according to claim 5 wherein at least one of said computing systems is on said network and is remote from said master daemon.

9. The method according to claim 8 further including the step of:

causing said master daemon to respond to selected ones of said requests to perform a defined action on said remote computing system.

10. The method according to claim 9, wherein said master daemon is further operative to:

control functionality of all said instantiated daemons, subordinate daemons, processes, subordinate processes, subordinate threads and said defined actions on selected ones of said operating systems on computer systems connected to said network.

11. In an operating system on a computing system connected to a network of computing systems according to claim 10, wherein said master daemon is further operative to:

interface with said local computing system and said remote computing systems to maintain centralized and coordinated access to auditing subsystems of said computing systems connected to said network of computing systems.

12. The method according to claims 5-11 wherein said selected domains are further defined by at least one of a security label, a set of security labels, a lattice of security labels, a group of security labels, a range of security labels, a combination of collections of security labels, and other defined constructs.
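
The following is an added illustration, not part of the patent text, of the constraint recited in claims 1 and 5 with domains defined by security labels as in claims 4 and 12: a master daemon maps request attributes to a configured domain and instantiates a subordinate only if that domain is at least as restrictive as its own. It assumes "at least as restrictive" means the partial order on (level, compartment set); the class names, attribute keys, verdict strings and sample requests are all constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Domain:
    name: str
    level: int               # assumption: a higher level is less restrictive
    compartments: frozenset  # assumption: more compartments is less restrictive

    def at_least_as_restrictive_as(self, other):
        # Assumed reading of the claim language: lattice order on
        # (level, compartments). Incomparable domains fail the check.
        return (self.level <= other.level
                and self.compartments <= other.compartments)

@dataclass
class MasterDaemon:
    domain: Domain
    configured: dict         # (service, origin) -> Domain, constructed mapping
    audit: list = field(default_factory=list)

    def select_domain(self, request):
        # Map request attributes into one configured domain; None if unmapped.
        key = (request.get("service"), request.get("origin"))
        return self.configured.get(key)

    def handle(self, request):
        target = self.select_domain(request)
        if target is None:
            verdict = "deny:no-domain"
        elif not target.at_least_as_restrictive_as(self.domain):
            verdict = "deny:not-within-master"
        else:
            verdict = f"instantiate:{request.get('action')}@{target.name}"
        # One central audit trail for every decision, allowed or denied.
        self.audit.append((request.get("service"), request.get("origin"), verdict))
        return verdict

def demo():
    master = Domain("ops", 2, frozenset({"net", "fs"}))
    table = {
        ("backup", "local"): Domain("backup", 1, frozenset({"fs"})),
        ("proxy", "remote"): Domain("proxy", 2, frozenset({"net", "fs"})),
        ("crypto", "local"): Domain("crypto", 1, frozenset({"keys"})),
        ("admin", "remote"): Domain("admin", 3, frozenset({"net"})),
    }
    daemon = MasterDaemon(master, table)
    requests = [  # constructed sample requests
        {"service": "backup", "origin": "local", "action": "subordinate-process"},
        {"service": "proxy", "origin": "remote", "action": "subordinate-daemon"},
        {"service": "crypto", "origin": "local", "action": "subordinate-thread"},
        {"service": "admin", "origin": "remote", "action": "subordinate-daemon"},
        {"service": "mail", "origin": "remote", "action": "subordinate-process"},
    ]
    return [daemon.handle(r) for r in requests], daemon.audit
```

The "crypto" request is refused even though its level is lower than the master's, because its compartment set is not contained in the master's: the two domains are incomparable in the assumed lattice.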